Re: additional mechanisms on top of the auth framework, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

On 2013-10-31 16:05, Bjoern Hoehrmann wrote:
> * Julian Reschke wrote:
>> On 2013-10-31 15:44, Bjoern Hoehrmann wrote:
>>> I think doing s/encryption/authentication/ instead would be better.
>>> There is no reason to discuss confidentiality here. Encryption and other
>>> cryptographic techniques are used in many authentication schemes, like
>>> with client certificates; that may have been the idea behind the text.
>> "authentication on the transport layer"?
> Applying my suggestion would make the text read,
>     The HTTP protocol does not restrict applications to this simple
>     challenge-response framework for access authentication. Additional
>     mechanisms MAY be used, such as authentication at the transport
>     level or via message encapsulation, and with additional header fields
>     specifying authentication information. However, such additional
>     mechanisms are not defined by this specification.
> (The MAY might be better as "can".)
 > ...

OK, applied with 

Best regards, Julian

Received on Friday, 1 November 2013 13:13:35 UTC